On 20 Jul 2017, at 22:02, Kajetan Staszkiewicz wrote:
Yet for a reason beyond my understanding FreeBSD handbook proposes a 3rd mode:
using a GIF tunnel together with IPSec tunnel mode. I really don't understand
how is that supposed to work. People On The Internet also seem not to be
Hi group,
For many years I have used the trick of running a GRE or GIF tunnel encrypted
with IPSec transport mode, both on FreeBSD and Linux. That allows me to run
BGP or OSPF on the tunnels.
I am also aware of IPsec tunnel mode, which kind of works for me, although it is
not my personal choice
On Thu, Oct 01, 2009 at 10:00:35AM +0200, Zaidi, Abbas wrote:
> Thanks Yvan for the help
>
> The problem got solved by changing the in security policy, on SGW, from
> ipsec level require to use, but I'm still not clear what the real issue
> was. Why we can't use require on it.
This sounds like yo
reebsd.org]
Sent: Wednesday, September 30, 2009 6:08 PM
To: Zaidi, Abbas
Cc: freebsd-net@freebsd.org; Ansari, Fakhir; Khan, Fayyaz
Subject: Re: FreeBSD ipsec tunnel mode packet lost
On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi
Hi.
> I am having this strange problem est
On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi
Hi.
> I am having this strange problem establishing tunnel between FreeBSD and
> linux, my network setup is
[the setup]
> Once the SAs get negotiated I send a ping request from FreeBSDe to
> Linuxe. The packets get an ipsec heade
Hi
I am having this strange problem establishing tunnel between FreeBSD and
linux, my network setup is
Link2:216:76ff:febd:618c -|Link2::e -o-
Link1::e||Link1::f -o-
Link0::e|---Link0:212:17ff:fe5c:9466
FreeBSDe--|FreeBSDr|--
u seem to have lost me..)
There are TWO ways of doing this:
1. IPsec tunnel mode
- you don't need any gifs
- you must use IPsec selectors to match & forward your traffic
2. IPIP tunnels + transport mode
- you do need gifs but ONLY with IPsec TRANSPORT mod
At 13:36 9-4-2002 +0200, Dennis Pedersen wrote:
>Uhm okay, but where do I see the port number for the 2 natd processes? Can
>I specify it somewhere or?
From natd(8):
-port | -p port
Read from and write to divert(4) port port, distinguishing
packets as
- Original Message -
From: "Lars Eggert" <[EMAIL PROTECTED]>
To: "Dennis Pedersen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 09, 2002 6:18 PM
Subject: Re: IPsec tunnel mode
> Dennis Pedersen wrote:
> > But uhm is
Dennis Pedersen wrote:
> But uhm is there a 'simple' way of doing this?
Did you look at the KAME newsletters? (URL in a previous email)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
ipfw add divert natd can tell the
> difference between the 2 sessions of natd)
Both setup instructions you gave URLs for are broken in the respect that
they tell you to set up IPIP tunnels and IPsec tunnel mode SAs in
parallel. IPsec tunnel mode under KAME does not use gif interfaces. This
wor
From: "Rogier R. Mulhuijzen" <[EMAIL PROTECTED]>
> At 12:16 9-4-2002 +0200, Dennis Pedersen wrote:
> >But uhm is there a 'simple' way of doing this? (as in just adding the IP of
> >the other end's gif interface as destination in my routes?
> >The setup today is an exact copy of (other IP's of cours
At 12:16 9-4-2002 +0200, Dennis Pedersen wrote:
>But uhm is there a 'simple' way of doing this? (as in just adding the IP of
>the other end's gif interface as destination in my routes?
>The setup today is an exact copy of (other IP's of course)
>www.freebsddiary.org/ipsec-tunnel.php
>This works just
- Original Message -
From: "Lars Eggert" <[EMAIL PROTECTED]>
To: "Dennis Pedersen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 11:23 PM
Subject: Re: IPsec tunnel mode
> Dennis Pedersen wrote:
> > Because on t
Rogier R. Mulhuijzen wrote:
> I'd like to hear how to do it the proper way though. Feel like clueing
> me in?
Check the KAME newsletters (e.g.
http://www.kame.net/newsletter/20001119/) for configuration examples.
There are also some examples in the IMPLEMENTATION and USAGE files under
CVS (we
ode SAs, you need to set up your security policies with the
>correct selectors (think firewall-like matching).
>
>*Many* tutorials on the net do not understand this distinction, and
>tell you to set up an IPIP tunnel (using a gif) and an IPsec tunnel
>mode SA in parallel. This is a bad
Julian Elischer wrote:
> Assign the required address to the netgraph interface and then
> use the IP-over-UDP example in the netgraph examples.
Good idea. IP-over-UDP has advantages when it comes to firewall- and
NAT-traversal. IP-over-IP has the advantage that it looks like IPsec
tunne
you need to set up your security policies with the
> correct selectors (think firewall-like matching).
>
> *Many* tutorials on the net do not understand this distinction, and
> tell you to set up an IPIP tunnel (using a gif) and an IPsec tunnel
> mode SA in parallel. This is a bad
Dennis Pedersen wrote:
> Because on the [EMAIL PROTECTED] Lars Eggert said something about using
> transport mode, not tunnel mode. This confused me a bit because isn't
> transport between 2 hosts only
I said a possibility would be to use IPsec transport mode OVER AN IPIP
TUNNEL, which is not he
orrect selectors (think firewall-like matching).
*Many* tutorials on the net do not understand this distinction, and
tell you to set up an IPIP tunnel (using a gif) and an IPsec tunnel
mode SA in parallel. This is a bad hack, since you (ab)use a side effect
of creating an IPIP tunnel device
- Original Message -
From: "Rogier R. Mulhuijzen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 8:04 PM
Subject: IPsec tunnel mode
> I've been following the KAME vs. OpenBSD IPsec thread somewhat, and I
> gather that IPsec tun
ther mention of IPsec & tunneling on
the net uses the gif interface. Which is IPoverIP, and this does not seem
to match with IPsec tunnel devices.
I quote the gif(4) manpage:
"For example, you cannot usually use gif to talk with IPsec devices that
use IPsec tunnel mode."
The problem
Check out this link... they were a great deal of help to me when I went
to set up ipsec on freebsd...
Best wishes
Hytekblue
http://www.x-itec.de/projects/tuts/ipsec-howto.txt
> At 20:04 8-4-2002 +0200, Rogier R. Mulhuijzen wrote:
> >My question is, can one get IPsec tunne
At 20:04 8-4-2002 +0200, Rogier R. Mulhuijzen wrote:
>My question is, can one get IPsec tunnel mode to work in BSD, and how is
>it done? I do not need a lengthy story, a few terse pointers would be
>quite enough.
Pardon me. I meant FreeBSD not BSD.
Doc
I've been following the KAME vs. OpenBSD IPsec thread somewhat, and I
gather that IPsec tunnel mode is not the same as using the gif interface
(which is IPIP).
My question is, can one get IPsec tunnel mode to work in BSD, and how is it
done? I do not need a lengthy story, a few terse poi
t - ITSD Open Systems Group" <[EMAIL PROTECTED]>
To: "Ari Suutari" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: 16. joulukuuta 2000 13:24
Subject: Re: IPFW & IPsec tunnel mode
> In message <001301c0601e$34cab880$[EMAIL PROTE
In message <001301c0601e$34cab880$[EMAIL PROTECTED]>,
"Ari Suutari" writes:
> However, pipsecd only supports fixed keys and Kame seems more
> like the future way to go. Would it be possible to enhance ipfw & kame
> to work together better in same way (like having some kind of name for
> each tun
27 matches